PKCS#11規(guī)范培訓(xùn)PPT課件

PKCS#11標(biāo)準(zhǔn)介紹,軟件開發(fā)中心安全軟件部,寫在前面的,PKCS11是什么為什么會(huì)有PKCS11PKCS11能干什么PKCS11的特點(diǎn),PKCS11是什么,PKCS系列規(guī)范的第11部分CryptographicTokenInterfaceSTD68個(gè)函數(shù)接口應(yīng)用程序與加密Token之間的接口,為什么會(huì)有PKCS11,為使用加密Token的應(yīng)用程序提供統(tǒng)一的編程接口為應(yīng)用程序提供獨(dú)立于設(shè)備的編程接口屏蔽加密設(shè)備的復(fù)雜性應(yīng)用程序可以方便的更換設(shè)備既生瑜何生亮PKCS11vsCSP,PKCS11能干什么,完成所有(據(jù)我所知)的密碼操作加密解密簽名驗(yàn)證摘要密鑰生成/派生對(duì)象的創(chuàng)建，存儲(chǔ)，查找，修改，使用，刪除應(yīng)用程序會(huì)話管理,PKCS11的特點(diǎn),跨平臺(tái)可擴(kuò)展支持多設(shè)備，多線程更專注于加密Token簡(jiǎn)化的應(yīng)用模式（一個(gè)User，一個(gè)SO）,內(nèi)容,關(guān)于PKCS#11概述基本概念I(lǐng)V.典型對(duì)象屬性分析V.API分析與應(yīng)用實(shí)例,關(guān)于PKCS#11,是一套針對(duì)加密Token的應(yīng)用編程接口屏蔽了硬件細(xì)節(jié)針對(duì)ANSIC編寫的接口也稱作Cryptoki廣泛應(yīng)用于Token相關(guān)的產(chǎn)品中（例如Netscape,Mozilla,Firefox,Thunderbird）簡(jiǎn)化的應(yīng)用模式（一個(gè)User，一個(gè)SO）,7816-1/2/3/4/5/6/8,ASN.1,PKCS-1/13/14/15,7816-15,DES,AES,SHA,MD2,MD5,PKCS-11,CSP,X509,PKCS-3/5/7/8/9/10/12,SSL,S/MIME,IE,Outlook,Foxmail,Word,Netscape,Mozilla,Firefox,Thunderbird,關(guān)于PKCS#11,內(nèi)容,關(guān)于PKCS#11概述基本概念I(lǐng)V.典型對(duì)象屬性分析V.API分析與應(yīng)用實(shí)例,概述,總體模型,概述,Token邏輯視圖,令牌邏輯視圖是一個(gè)能存儲(chǔ)對(duì)象和能執(zhí)行密碼函數(shù)的設(shè)備,概述,函數(shù)接口概述通用目的函數(shù),概述,函數(shù)接口概述槽和令牌管理函數(shù),概述,函數(shù)接口概述會(huì)話管理函數(shù),概述,函數(shù)接口概述對(duì)象管理函數(shù),概述,函數(shù)接口概述加密和解密函數(shù),概述,函數(shù)接口概述摘要計(jì)算函數(shù),概述,函數(shù)接口概述簽名和MAC計(jì)算函數(shù),概述,函數(shù)接口概述簽名和MAC驗(yàn)證函數(shù),概述,函數(shù)接口概述雙功能密碼函數(shù),概述,函數(shù)接口概述密鑰管理函數(shù),概述,函數(shù)接口概述其他函數(shù),內(nèi)容,關(guān)于PKCS#11概述基本概念I(lǐng)V.典型對(duì)象屬性分析V.API分析與應(yīng)用實(shí)例,基本概念,Slotsomeofthesedefaultvaluesmayevenbetheemptystring(“”).Nonetheless,theobjectpossessestheseattributes.Agivenobjecthasasinglevalueforeachattributeitpossesses,eveniftheattributeisavendorspecificattributewhosemeaningisoutsidethescopeofCryptoki.InadditiontopossessingCryptokiattributes,objectsmaypossessadditionalvendorspecificattributeswhosemeaningsandvaluesarenotspecifiedbyCryptoki.,基本概念A(yù)ttribute,基本概念,3.4Users,PKCS11識(shí)別兩種令牌用戶類型。一個(gè)類型就是安全官員（SO）。另一個(gè)類型就是普通用戶。只有普通用戶才能訪問令牌上的私有對(duì)象，而且只有普通用戶在得到授權(quán)后才能進(jìn)行這種訪問。一些令牌可能需要用戶在執(zhí)行令牌上的任意密碼功能之前得到授權(quán)，不管令牌是否涉及私有對(duì)象。SO的作用是初始化一個(gè)令牌，設(shè)置普通用戶的PIN（或由Cryptoki版本以外的方式確定普通用戶怎樣得到授權(quán)），或許還要操作某些公共對(duì)象。普通用戶只有在SO設(shè)置普通用戶的PIN以后才能注冊(cè)。,3.5Sessions,基本概念,會(huì)話在應(yīng)用程序和令牌之間提供一個(gè)邏輯連接。Cryptoki需要用令牌打開一個(gè)以上的會(huì)話以便使用令牌的對(duì)象和函數(shù)。會(huì)話可以是讀/寫（R/W）會(huì)話，也可以是只讀（R/O）會(huì)話。讀/寫和只讀指的是通向令牌對(duì)象的入口，而不是會(huì)話對(duì)象。在這兩種會(huì)話類型下，應(yīng)用程序能夠創(chuàng)建、讀、寫和破壞會(huì)話對(duì)象。但是，只有在讀/寫會(huì)話中，應(yīng)用程序能夠創(chuàng)建、修改和破壞令牌對(duì)象。,3.6狀態(tài)轉(zhuǎn)換（與Session有關(guān)）一個(gè)打開的會(huì)話可以在幾種狀態(tài)之一。會(huì)話狀態(tài)決定通向?qū)ο蠛驮跁?huì)話上執(zhí)行的函數(shù)允許的通道。,基本概念,打開一個(gè)會(huì)話后，應(yīng)用程序便可訪問令牌的公共對(duì)象。所給應(yīng)用程序的所有線程可訪問相同會(huì)話和相同會(huì)話對(duì)象。為了訪問令牌私有對(duì)象，不同用戶必須先登錄并得到授權(quán)。當(dāng)關(guān)閉一個(gè)會(huì)話后，在該會(huì)話過程中創(chuàng)建的任何會(huì)話對(duì)象都會(huì)被破壞。這甚至適用于其它會(huì)話正在使用的會(huì)話對(duì)象。如果單個(gè)應(yīng)用程序打開同一令牌的多個(gè)會(huì)話，并使用其中一個(gè)創(chuàng)建會(huì)話對(duì)象，那么這些會(huì)話對(duì)象就可以被該應(yīng)用程序的所有會(huì)話看到。但是，當(dāng)創(chuàng)建對(duì)象的會(huì)話關(guān)閉時(shí)，對(duì)象也被破壞了。Cryptoki支持在多令牌上的多個(gè)會(huì)話。應(yīng)用程序可以和一個(gè)以上的令牌進(jìn)行一個(gè)以上的會(huì)話。一個(gè)令牌可以和一個(gè)以上的應(yīng)用程序進(jìn)行多個(gè)會(huì)話。但是，一個(gè)特定的令牌可能要求應(yīng)用程序只能有限定數(shù)量的會(huì)話，或只能有限定數(shù)量的讀/寫會(huì)話。,狀態(tài)轉(zhuǎn)換只讀會(huì)話,基本概念狀態(tài)轉(zhuǎn)換,ROsession,基本概念狀態(tài)轉(zhuǎn)換,Note:Read-OnlySOSessiondonotexists.,狀態(tài)轉(zhuǎn)換讀寫會(huì)話,基本概念狀態(tài)轉(zhuǎn)換,RWsession,基本概念狀態(tài)轉(zhuǎn)換,狀態(tài)轉(zhuǎn)換會(huì)話權(quán)限,基本概念狀態(tài)轉(zhuǎn)換,Sessionevents,基本概念狀態(tài)轉(zhuǎn)換,在CryptokiVersion2.1中,使用令牌的一個(gè)應(yīng)用程序的所有會(huì)話必須有相同的登錄/注銷狀態(tài)（對(duì)于一個(gè)給定的應(yīng)用程序和令牌，只能處于下列情況之一：所有會(huì)話是公共會(huì)話，所有會(huì)話是SO會(huì)話或所有會(huì)話是用戶會(huì)話）。當(dāng)一個(gè)應(yīng)用程序的會(huì)話登錄一個(gè)令牌，使用該令牌的應(yīng)用程序的所有會(huì)話也被登錄；當(dāng)一個(gè)應(yīng)用程序的會(huì)話注銷一個(gè)令牌，該應(yīng)用程序的所有會(huì)話也被注銷。同樣，例如，如果使用令牌的一個(gè)應(yīng)用程序已經(jīng)有一個(gè)打開的R/O用戶，并且用該令牌打開一個(gè)R/W會(huì)話，該R/W會(huì)話會(huì)自動(dòng)地登錄。這意味著一個(gè)給定的應(yīng)用程序使用一個(gè)給定的令牌不可能同時(shí)有打開的SO會(huì)話和用戶會(huì)話。這也意味著如果使用一個(gè)令牌，一個(gè)應(yīng)用程序有一個(gè)R/WSO會(huì)話，那么它不能用這個(gè)令牌打開一個(gè)R/O會(huì)話，因?yàn)镽/OSO會(huì)話不存在。同理，如果一個(gè)應(yīng)用程序有一個(gè)打開的R/O會(huì)話，那么它不可能作為SO把其它會(huì)話登錄到該令牌。,基本概念狀態(tài)轉(zhuǎn)換,機(jī)制描述了密碼操作應(yīng)該怎樣被執(zhí)行typedefstructCK_MECHANISMCK_MECHANISM_TYPEmechanism;CK_VOID_PTRpParameter;CK_ULONGulParameterLen;CK_MECHANISM;C_GetMechanismList獲取支持的機(jī)制列表,基本概念機(jī)制,3.7Mechanism,調(diào)用C_Initialize后的應(yīng)用程序才稱為“Cryptoki應(yīng)用程序”Cryptoki應(yīng)用程序是否需要Cryptoki的多線程支持，需要在C_Initialize函數(shù)中指定。,3.8應(yīng)用程序與多線程,基本概念,內(nèi)容,關(guān)于PKCS#11概述基本概念I(lǐng)V.典型對(duì)象屬性分析V.API分析與應(yīng)用實(shí)例,4.1對(duì)象屬性腳注說明,1MustbespecifiedwhenobjectiscreatedwithC_CreateObject.2MustnotbespecifiedwhenobjectiscreatedwithC_CreateObject.3MustbespecifiedwhenobjectisgeneratedwithC_GenerateKeyorC_GenerateKeyPair.4MustnotbespecifiedwhenobjectisgeneratedwithC_GenerateKeyorC_GenerateKeyPair.5MustbespecifiedwhenobjectisunwrappedwithC_UnwrapKey.6MustnotbespecifiedwhenobjectisunwrappedwithC_UnwrapKey.7CannotberevealedifobjecthasitsCKA_SENSITIVEattributesettoCK_TRUEoritsCKA_EXTRACTABLEattributesettoCK_FALSE.,IV典型對(duì)象屬性分析,4.1對(duì)象屬性腳注說明,8MaybemodifiedafterobjectiscreatedwithaC_SetAttributeValuecall,orintheprocessofcopyingobjectwithaC_CopyObjectcall.However,itispossiblethataparticulartokenmaynotpermitmodificationoftheattributeduringthecourseofaC_CopyObjectcall.9Defaultvalueistoken-specific,andmaydependonthevaluesofotherattributes.10CanonlybesettoCK_TRUEbytheSOuser.11AttributecannotbechangedoncesettoCK_TRUE.Itbecomesareadonlyattribute.12AttributecannotbechangedoncesettoCK_FALSE.Itbecomesareadonlyattribute.,IV典型對(duì)象屬性分析,4.2通用對(duì)象屬性,4.3通用存儲(chǔ)對(duì)象屬性,當(dāng)對(duì)象創(chuàng)建以后，只有CKA_TOKEN值可以被修改,4.4數(shù)據(jù)對(duì)象屬性,4.5通用證書對(duì)象屬性,4.6X.509公鑰證書對(duì)象,4.7WTLS公鑰證書對(duì)象,4.8X.509屬性證書對(duì)象,4.9通用KEY屬性,4.10通用公鑰對(duì)象,RSA公鑰對(duì)象屬性,4.11通用私鑰對(duì)象(1),4.11通用私鑰對(duì)象(2),RSA私鑰對(duì)象屬性,4.12通用密鑰對(duì)象(1),4.12通用密鑰對(duì)象(2),DES密鑰對(duì)象屬性,RC4密鑰對(duì)象屬性,4.13對(duì)象屬性總結(jié),PKCS#11規(guī)定了每個(gè)對(duì)象的每一個(gè)屬性屬性腳注表非常重要，對(duì)象的創(chuàng)建、修改、拷貝等操作時(shí)設(shè)定的屬性模板應(yīng)不違背屬性標(biāo)注（例如，在C_GenerateKey生成3DES密鑰時(shí)需要指定CKA_KEY_TYPE，而不能指定CKA_LOCAL）。PKCS#11標(biāo)準(zhǔn)的各個(gè)版本中對(duì)象屬性的腳注存在差別（例如，Ver2.1中C_GenerateKeyPair時(shí)必須指定CKA_PUBLIC_EXPONENT，而在Ver2.2中可以不用指定此屬性）,內(nèi)容,關(guān)于PKCS#11概述基本概念典型對(duì)象屬性分析API分析與應(yīng)用實(shí)例,VAPI分析與應(yīng)用實(shí)例,通用目的函數(shù)Initialize,cleanup,informationaboutthelibraryitselfSlot/Token管理函數(shù)GetSlotInfo,GetTokenInfo,會(huì)話管理函數(shù)OpenSession,CloseSession對(duì)象管理函數(shù)Create,Destroy,Copy,API分析與應(yīng)用實(shí)例(2),加密函數(shù)解密函數(shù)摘要函數(shù)簽名函數(shù)校驗(yàn)函數(shù)密鑰管理函數(shù),通用目的函數(shù),1.C_InitializeCK_DEFINE_FUNCTION(CK_RV,C_Initialize)(CK_VOID_PTRpInitArgs);typedefstructCK_C_INITIALIZE_ARGSCK_CREATEMUTEXCreateMutex;CK_DESTROYMUTEXDestroyMutex;CK_LOCKMUTEXLockMutex;CK_UNLOCKMUTEXUnlockMutex;CK_FLAGSflags;CK_VOID_PTRpReserved;CK_C_INITIALIZE_ARGS;2.C_FinalizeCK_DEFINE_FUNCTION(CK_RV,C_Finalize)(CK_VOID_PTRpReserved);,通用目的函數(shù),3.C_GetInfoCK_DEFINE_FUNCTION(CK_RV,C_GetInfo)(CK_INFO_PTRpInfo);4.C_GetFunctionListCK_DEFINE_FUNCTION(CK_RV,C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTRppFunctionList);,Slot/Token管理函數(shù),C_GetSlotListCK_DEFINE_FUNCTION(CK_RV,C_GetSlotList)(CK_BBOOLtokenPresent,CK_SLOT_ID_PTRpSlotList,CK_ULONG_PTRpulCount);,Slot/Token管理函數(shù),2.C_GetSlotInfoCK_DEFINE_FUNCTION(CK_RV,C_GetSlotInfo)(CK_SLOT_IDslotID,CK_SLOT_INFO_PTRpInfo);,Slot/Token管理函數(shù),3.C_GetTokenInfoCK_DEFINE_FUNCTION(CK_RV,C_GetTokenInfo)(CK_SLOT_IDslotID,CK_TOKEN_INFO_PTRpInfo);,Slot/Token管理函數(shù),4.C_WaitForSlotEventCK_DEFINE_FUNCTION(CK_RV,C_WaitForSlotEvent)(CK_FLAGSflags,CK_SLOT_ID_PTRpSlot,CK_VOID_PTRpReserved);,Slot/Token管理函數(shù),5.C_GetMechanismListCK_DEFINE_FUNCTION(CK_RV,C_GetMechanismList)(CK_SLOT_IDslotID,CK_MECHANISM_TYPE_PTRpMechanismList,CK_ULONG_PTRpulCount);,Slot/Token管理函數(shù),6.C_GetMechanismInfoCK_DEFINE_FUNCTION(CK_RV,C_GetMechanismInfo)(CK_SLOT_IDslotID,CK_MECHANISM_TYPEtype,CK_MECHANISM_INFO_PTRpInfo);,Slot/Token管理函數(shù),7.C_InitTokenCK_DEFINE_FUNCTION(CK_RV,C_InitToken)(CK_SLOT_IDslotID,CK_UTF8CHAR_PTRpPin,CK_ULONGulPinLen,CK_UTF8CHAR_PTRpLabel);,Slot/Token管理函數(shù),8.C_InitPINCK_DEFINE_FUNCTION(CK_RV,C_InitPIN)(CK_SESSION_HANDLEhSession,CK_UTF8CHAR_PTRpPin,CK_ULONGulPinLen);,Slot/Token管理函數(shù),9.C_SetPINCK_DEFINE_FUNCTION(CK_RV,C_SetPIN)(CK_SESSION_HANDLEhSession,CK_UTF8CHAR_PTRpOldPin,CK_ULONGulOldLen,CK_UTF8CHAR_PTRpNewPin,CK_ULONGulNewLen);,會(huì)話管理函數(shù),1.C_OpenSessionCK_DEFINE_FUNCTION(CK_RV,C_OpenSession)(CK_SLOT_IDslotID,CK_FLAGSflags,CK_VOID_PTRpApplication,CK_NOTIFYNotify,CK_SESSION_HANDLE_PTRphSession);,會(huì)話管理函數(shù),2.C_CloseSessionCK_DEFINE_FUNCTION(CK_RV,C_CloseSession)(CK_SESSION_HANDLEhSession);,會(huì)話管理函數(shù),3.C_CloseAllSessionsCK_DEFINE_FUNCTION(CK_RV,C_CloseAllSessions)(CK_SLOT_IDslotID);,會(huì)話管理函數(shù),4.C_GetSessionInfoCK_DEFINE_FUNCTION(CK_RV,C_GetSessionInfo)(CK_SESSION_HANDLEhSession,CK_SESSION_INFO_PTRpInfo);,會(huì)話管理函數(shù),5.C_GetOperationStateCK_DEFINE_FUNCTION(CK_RV,C_GetOperationState)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpOperationState,CK_ULONG_PTRpulOperationStateLen);,會(huì)話管理函數(shù),6.C_SetOperationStateCK_DEFINE_FUNCTION(CK_RV,C_SetOperationState)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpOperationState,CK_ULONGulOperationStateLen,CK_OBJECT_HANDLEhEncryptionKey,CK_OBJECT_HANDLEhAuthenticationKey);,會(huì)話管理函數(shù),7.C_LoginCK_DEFINE_FUNCTION(CK_RV,C_Login)(CK_SESSION_HANDLEhSession,CK_USER_TYPEuserType,CK_UTF8CHAR_PTRpPin,CK_ULONGulPinLen);,會(huì)話管理函數(shù),8.C_LogoutCK_DEFINE_FUNCTION(CK_RV,C_Logout)(CK_SESSION_HANDLEhSession);,對(duì)象管理函數(shù),1.C_CreateObjectCK_DEFINE_FUNCTION(CK_RV,C_CreateObject)(CK_SESSION_HANDLEhSession,CK_ATTRIBUTE_PTRpTemplate,CK_ULONGulCount,CK_OBJECT_HANDLE_PTRphObject);,對(duì)象管理函數(shù),2.C_CopyObjectCK_DEFINE_FUNCTION(CK_RV,C_CopyObject)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLEhObject,CK_ATTRIBUTE_PTRpTemplate,CK_ULONGulCount,CK_OBJECT_HANDLE_PTRphNewObject);,對(duì)象管理函數(shù),3.C_DestroyObjectCK_DEFINE_FUNCTION(CK_RV,C_DestroyObject)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLEhObject);,對(duì)象管理函數(shù),4.C_GetObjectSizeCK_DEFINE_FUNCTION(CK_RV,C_GetObjectSize)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLEhObject,CK_ULONG_PTRpulSize);,對(duì)象管理函數(shù),5.C_GetAttributeValueCK_DEFINE_FUNCTION(CK_RV,C_GetAttributeValue)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLEhObject,CK_ATTRIBUTE_PTRpTemplate,CK_ULONGulCount);,對(duì)象管理函數(shù),6.C_SetAttributeValueCK_DEFINE_FUNCTION(CK_RV,C_SetAttributeValue)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLEhObject,CK_ATTRIBUTE_PTRpTemplate,CK_ULONGulCount);,對(duì)象管理函數(shù),7.C_FindObjectsInitCK_DEFINE_FUNCTION(CK_RV,C_FindObjectsInit)(CK_SESSION_HANDLEhSession,CK_ATTRIBUTE_PTRpTemplate,CK_ULONGulCount);,對(duì)象管理函數(shù),8.C_FindObjectsCK_DEFINE_FUNCTION(CK_RV,C_FindObjects)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLE_PTRphObject,CK_ULONGulMaxObjectCount,CK_ULONG_PTRpulObjectCount);,對(duì)象管理函數(shù),9.C_FindObjectsFinalCK_DEFINE_FUNCTION(CK_RV,C_FindObjectsFinal)(CK_SESSION_HANDLEhSession);,加密函數(shù),1.C_EncryptInitCK_DEFINE_FUNCTION(CK_RV,C_EncryptInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism,CK_OBJECT_HANDLEhKey);,加密函數(shù),2.C_EncryptCK_DEFINE_FUNCTION(CK_RV,C_Encrypt)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpData,CK_ULONGulDataLen,CK_BYTE_PTRpEncryptedData,CK_ULONG_PTRpulEncryptedDataLen);,加密函數(shù),3.C_EncryptUpdateCK_DEFINE_FUNCTION(CK_RV,C_EncryptUpdate)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpPart,CK_ULONGulPartLen,CK_BYTE_PTRpEncryptedPart,CK_ULONG_PTRpulEncryptedPartLen);,加密函數(shù),4.C_EncryptFinalCK_DEFINE_FUNCTION(CK_RV,C_EncryptFinal)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpLastEncryptedPart,CK_ULONG_PTRpulLastEncryptedPartLen);,解密函數(shù),1.C_DecryptInitCK_DEFINE_FUNCTION(CK_RV,C_DecryptInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism,CK_OBJECT_HANDLEhKey);,解密函數(shù),2.C_DecryptCK_DEFINE_FUNCTION(CK_RV,C_Decrypt)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpEncryptedData,CK_ULONGulEncryptedDataLen,CK_BYTE_PTRpData,CK_ULONG_PTRpulDataLen);,解密函數(shù),3.C_DecryptUpdateCK_DEFINE_FUNCTION(CK_RV,C_DecryptUpdate)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpEncryptedPart,CK_ULONGulEncryptedPartLen,CK_BYTE_PTRpPart,CK_ULONG_PTRpulPartLen);,解密函數(shù),4.C_DecryptFinalCK_DEFINE_FUNCTION(CK_RV,C_DecryptFinal)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpLastPart,CK_ULONG_PTRpulLastPartLen);,摘要函數(shù),1.C_DigestInitCK_DEFINE_FUNCTION(CK_RV,C_DigestInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism);,摘要函數(shù),2.C_DigestCK_DEFINE_FUNCTION(CK_RV,C_Digest)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpData,CK_ULONGulDataLen,CK_BYTE_PTRpDigest,CK_ULONG_PTRpulDigestLen);,摘要函數(shù),3.C_DigestUpdateCK_DEFINE_FUNCTION(CK_RV,C_DigestUpdate)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpPart,CK_ULONGulPartLen);,摘要函數(shù),4.C_DigestKeyCK_DEFINE_FUNCTION(CK_RV,C_DigestKey)(CK_SESSION_HANDLEhSession,CK_OBJECT_HANDLEhKey);,摘要函數(shù),5.C_DigestFinalCK_DEFINE_FUNCTION(CK_RV,C_DigestFinal)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpDigest,CK_ULONG_PTRpulDigestLen);,簽名函數(shù),1.C_SignInitCK_DEFINE_FUNCTION(CK_RV,C_SignInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism,CK_OBJECT_HANDLEhKey);,簽名函數(shù),2.C_SignCK_DEFINE_FUNCTION(CK_RV,C_Sign)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpData,CK_ULONGulDataLen,CK_BYTE_PTRpSignature,CK_ULONG_PTRpulSignatureLen);,簽名函數(shù),3.C_SignUpdateCK_DEFINE_FUNCTION(CK_RV,C_SignUpdate)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpPart,CK_ULONGulPartLen);,簽名函數(shù),4.C_SignFinalCK_DEFINE_FUNCTION(CK_RV,C_SignFinal)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpSignature,CK_ULONG_PTRpulSignatureLen);,簽名函數(shù),5.C_SignRecoverInitCK_DEFINE_FUNCTION(CK_RV,C_SignRecoverInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism,CK_OBJECT_HANDLEhKey);,簽名函數(shù),6.C_SignRecoverCK_DEFINE_FUNCTION(CK_RV,C_SignRecover)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpData,CK_ULONGulDataLen,CK_BYTE_PTRpSignature,CK_ULONG_PTRpulSignatureLen);,校驗(yàn)函數(shù),1.C_VerifyInitCK_DEFINE_FUNCTION(CK_RV,C_VerifyInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism,CK_OBJECT_HANDLEhKey);,校驗(yàn)函數(shù),2.C_VerifyCK_DEFINE_FUNCTION(CK_RV,C_Verify)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpData,CK_ULONGulDataLen,CK_BYTE_PTRpSignature,CK_ULONGulSignatureLen);,校驗(yàn)函數(shù),3.C_VerifyUpdateCK_DEFINE_FUNCTION(CK_RV,C_VerifyUpdate)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpPart,CK_ULONGulPartLen);,校驗(yàn)函數(shù),4.C_VerifyFinalCK_DEFINE_FUNCTION(CK_RV,C_VerifyFinal)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpSignature,CK_ULONGulSignatureLen);,校驗(yàn)函數(shù),5.C_VerifyRecoverInitCK_DEFINE_FUNCTION(CK_RV,C_VerifyRecoverInit)(CK_SESSION_HANDLEhSession,CK_MECHANISM_PTRpMechanism,CK_OBJECT_HANDLEhKey);,校驗(yàn)函數(shù),6.C_VerifyRecoverCK_DEFINE_FUNCTION(CK_RV,C_VerifyRecover)(CK_SESSION_HANDLEhSession,CK_BYTE_PTRpSignature,CK_ULONGulSignatureLen,CK_BYTE_PTRpData,CK_ULONG_PTRpulDataLen);,KEY管理函數(shù),1.C_GenerateKeyCK_DEFINE_FUNCTION(CK_RV,C_GenerateKey)(CK_SESSION_HANDLEhSessionCK_MECHANISM_PTRpMechanism,CK_ATTRIBUTE_PTRpTemplate,CK_ULONGulCount,CK_OBJECT_HANDLE_PTRphKey);,KEY管理函數(shù),2